Enterprise Mac | Tom Yager | August 2006

MORE ENTRIES

August 2006

August 25, 2006 | Comments: (0)

Sequelae of that seldom-seen, irrelevant, could only happen on Windows worm

In the preceding post, I laid out a case that Windows is inherently less secure than OS X based on a real life case-in-point, that being my server's infestation with a worm now universally identified as MS06-040.

I've placed myself in the situation of being a Windows server administrator who can't just apply the pat help desk cure "erase and reinstall." What happens when I try to hang in and use the tools at my disposal to fight the good fight?

First, remember that I wrote that this problem is bigger than so far realized or reported? My Windows mail server coughed up this bit:

Attempting MX: P=010 D=apple.com TTL=(31) MX=[xx.xx.apple.com] {17.xx.xx.xx}
Attempting SMTP connection to [17.xx.xx.xx : 25]
Waiting for socket connection...
Socket connection established
Waiting for protocol initiation...
554 <unknown[65.xx.xx.xx]>: Client host rejected: 5.7.1.: Message rejected. See http://njabl.org/ and http://www.spamhaus.org/SBL
QUIT

I have never raised a louder alarm for a security threat than have commercial security product vendors, but in this case, we're just seeing the tip of the iceberg. Clicking the spamhaus.org link took me to CBL (Composite Blocking List). CBL's getting so many click-throughs from e-mail delivery failures that it put the MS06-040 worm on its home page:

UPDATED 2006/08/21: NEWS ALERT 2006/08/14

Commencing August 13th, we have been seeing large numbers of CBL detections caused by the vulnerabilities referenced in Microsoft's MS06-040 security bulletin. At least one of the vulnerabilities can occur without users/administrators doing anything. If you are running Microsoft Windows, we strongly advise patching as soon as possible.

Ah, but the patch is prophylaxis, not cure. That word's not really getting out. Once MS06-040 (it's good that everyone's agreed on a name for it) busts in, it turns your server into party central for the MBM (mommy's basement mafia). If you figured on scraping MS06-040 from your system, SANS has this to say:

You really cannot and

Even if you delete the keys that start the malware,
your settings will be mangled, e.g. a test infection with the wgareg.exe:

created 17 new registry keys
modified 77 other keys including keys used for firewalls, sharing of files, etc.
That was just the infection itself, no follow up, no communications with the C & C

Like any bot it is unpredictable in what the C & C caused the bot to do

Incidentally, C & C is "command and control," referring in this case to Internet Relay Chat servers that are wired with scripts to drive infected systems remotely. SANS makes the chilling statement that it's impossible to tell what the bot is making your server do.

This worm takes cover behind Windows' many areas of opaqueness, specifically: The monolithic, non-human-readable, omnipotent Registry; Windows' "hidden" file flag and bugs that make files invisible even from the command prompt; the ease with which processes and threads can avoid identification; and invisible Windows "administrative file shares." There are also Windows' facilities for foster parenthood. For example, the process tree for a Windows server can be dotted with multiple "svchost.exe" and "rundll32.exe" entries.

There are way too many places to hide in a Windows server.

It is possible to analyze an infected Windows system's interaction with the network by running it in a sandnet, and tools let you watch changes to the Registry in real-time. But everything that this bit of malware does prior to its victim's discovery is an unsolvable mystery, and even watching the WAN traffic doesn't point back to the code that generates it.

MS06-040 quietly brought in another trojan, SDBOT (various flavors), with which I'm having fun. I have ClamAV running in quarantine mode in a constant loop, wondering what's next.

Every step of this process is enlightening.

Posted by Tom Yager on August 25, 2006 05:44 PM

August 22, 2006 | Comments: (0)

Is Windows inherently more vulnerable to malware attacks than OS X?

[the only trolling here is being perpetrated by those sending people here to be outraged]

It took an attack on a Windows production server, not devotion to Apple, to put that provocative title on this entry.

On August 13 at 3:04 AM, a Windows server that I've been running for all of two weeks--it just replaced an Xserve G5--was attacked by a new strain of malware. This worm/trojan/backdoor/proxy/IRCbot/DDOS agent shared some characteristics with a known exploit, but it went well beyond what was described. I believed at the time of the infection, and even more strongly now, that this exploit's latent damage potential has been underestimated. I view the terse and vague update on the CERT site regarding the less tenacious strain of this beast with a sense of foreboding.

The attack I encountered occasioned a re-examination of a common question: Is Windows more vulnerable to malware than OS X? I've encountered no clearer or more definitive proof point than this attack. To set the stage, I'll describe the malware's methods. The only victim requirement is that a Windows system--client or server from 2000 and XP on up, 32 and 64-bit--be on an Internet-accessible IP address and listening for socket requests to the Windows Server service. The attacker connects to the Windows Server service, overflows a fixed-length buffer and tricks the service into executing code contained in a portion of the buffer. The attack edits the Registry to turn off the Windows firewall and packet filter, disables notifications that you're running with reduced security, and opens your system to anonymous access. It then uses the Registry to insert plant a pair of Windows services that run with SYSTEM privileges. Processes owned by that pseudo-user can literally do anything, unchecked, to the local machine. The malware services launch and announce your exploited system's presence via IRC and IM. After that, an IRC bot or (sub)human driver can make your system do whatever it wants, including making it a nest for more malware. In my case, it was so eager to scan the Internet for other systems to infect that it locked my server's CPUs at 100 percent and gave itself away.

To nail itself in place, two services watch for and regenerate each other even if their files are deleted. The malware adds an entry to Administrator's login script, and it watches for a privileged invocation of Windows Explorer (like Finder) and attaches a malicious thread to that.

I've been giving it great deal of thought, and I came up with a reasons pointing to the likelihood that Windows is at greater risk of catastrophic attacks. It's not easy reading, but it was either this dense packing or a book-length blog post.

• All Windows background processes/daemons are spawned from a single hyper-privileged process and referred to as services.
• By default, Windows launches all services with SYSTEM-level privileges.
• SYSTEM is a pseudo-user (LocalSystem) that trumps Administrator (like UNIX's root) in privileges. SYSTEM cannot be used to log in, but it also has no password, no login script, no shell and no environment, therefore
• The activity of SYSTEM is next to impossible to control or log.
• Most of the code running on any Windows system at a given time is related to services, most or all of which run with SYSTEM privileges, therefore
• Successful infection of running Windows software carries a good chance of access to SYSTEM privileges.
• Windows buries most privileged software, service executables and configuration files in a single, unstructured massive directory (SYSTEM32) that is frequently used by third parties. Windows will notify you on an attempt to overwrite one of its own system files stored here, but does not try to protect privileged software.
• Microsoft does not sign or document the name and purpose of the files it places in SYSTEM32.
• Windows has no equivalent to OS X's bill of materials, so it cannot validate permissions, dates and checksums of system and third-party software.
• Windows requires that users log in with administrative privileges to install software, which causes many to use privileged accounts for day-to-day usage.
• Windows requires extraordinary effort to extract the path to, and the files and TCP/UDP ports opened by, running services, and to certify that they are valid.
• Microsoft made it easy for commercial applications to refuse a debugger's attempt to attach to a process or thread. Attackers use this same mechanism to cloak malware. A privileged user must never be denied access to a debugger on any system. My right to track down malware on my computers trumps vendors' interests in preventing piracy or reverse-engineering. Maintaining that right is one of the reasons that open source commercial OS kernels are so vital.
• Access to the massive, arcane, nearly unstructured, non-human-readable Windows Registry, which was to be obsolete by now, remains the only resource a Windows attacker needs to analyze and control a Windows system.
• Another trick that attackers learned from Microsoft is that Registry entries can be made read-only even to the Administrator, so you can find an exploit and be blocked from disarming it.
• Malicious code or data can be concealed in NTFS files' secondary streams. These are similar to HFS forks, but so few would think to look at these.
• One of the strongest tools that Microsoft has to protect users from malware is Access Control Lists (ACLs), but standard tools make ACLs difficult to employ, so most opt for NTFS's inadequate standard access rights.

Why this can't happen under OS X:

• OS X has no user account with privileges exceeding root.
• Maximum privilege is extended only to descendants of process ID 1 (init or Darwin's launchd), a role that is rarely used and closely scrutinized.
• Unlike services.exe, launchd executes daemons and scheduled commands in a shell that's subject to login scripts, environment variables, resource limits, auditing and all security features of Darwin/OS X.
• Apple's daemons have man pages, and third parties are duty-bound to provide the same. Admins also expect to be able to run daemons, with verbose reporting, in a shell for testing.
• OS X Man pages document daemons' file dependencies, so administrators can easily rework file permissions to match daemons' reduced privileges.
• Launchd can tripwire directories so that if they're altered unexpectedly, launchd triggers a response.
• If an attacker takes over a local or remote console, any effort to install software or alter significant system settings cannot proceed without entering the administrator's user name and password, even if the console is already logged in as a privileged user. In other words, even having privileges doesn't ensure that even an inside hacker can arrange to keep them.
• OS X has a single console and a single system log, both in plain text.
• OS X's nearest equivalent to the Registry is Netinfo, but this requires authentication for modification. In later releases of OS X, it is fairly sparse.
• Applications have their own per-user and system-wide properties files, private Registries if you like, stored in human-readable files in standard locations.
• Every installed file is traceable to a bill of materials that can verify that the file is meant to exist, and that it and all of its dependencies match their original checksums. Mac users, back up and protect your Receipts folder!
• The directories used to hold OS X's privileged system executables are sacred. Anything new that pops up there is immediately suspect.
• OS X does not require that a user be logged in as an administrator to install software. The user or someone aiding the install needs to know the name and password of a local administrative user to complete the install. On a network, most software is installed using Remote Desktop, an inexpensive Systems Management Server-like console.
• The UNIX/POSIX API, standard command-line tools and open source tools leave malware unable to hide from a competent OS X administrator. It takes a new UNIX programmer longer to choose an editor than it does to write a console app that walks the process tree listing privileged processes. Finding the owners of open TCP/UDP ports or open files is similarly trivial. The "system" is not opaque.
• Basic OS X features can be put to use to make life miserable for malware. For example, Windows' hackable restore points are done better by OS X's ability to create encrypted, read-only disk images. They're simpler than archives, and you can mount them as volumes anywhere in your file hierarchy.
• Likewise, OS X Server will image any Mac client or server's local drives and maintain safe copies that can be used not only for restoration, but which can be booted from to guarantee that there's no trace of infection.
• When erase-and-reinstall is the only way to be sure, OS X Server automates it. It can safely capture the affected Mac's active drives before having that Mac boot from the fresh install image.

So, after all this, do I have enough to judge Windows inherently more vulnerable to severe malware than OS X? I do.

I've been writing about these shortcomings for years, and it always traces back to Microsoft's untenable policy of maintaining gaps in Windows security to avoid competing with 3rd party vendors and certified partners. Apple's taking a different approach: What users need is in the box: Anti-virus, anti-spam, encryption, image backup and restore, offsite safe storage through .Mac, and launchd. Pretty soon any debate with Microsoft over security can be ended in one round when Apple stands up, says "launchd," and sits back down.

Posted by Tom Yager on August 22, 2006 10:27 PM

August 07, 2006 | Comments: (0)

APPLE'S OS X X86 DARWIN KERNEL IS OPEN SOURCE

When we study a thing, we gain an appreciation of it. When we change a thing, we learn.

It wasn't a public highlight of WWDC, but I learned here that Apple has elected to open the source for the x86 Darwin kernel and created an official project to maintain it and act as a liaison between Apple and the developers working on, and learning from OS X Tiger's system-level source code.

I can say with absolute certainty that I had zero influence on Apple's decision; the decision predates my involvement with the issue. Not many truly understood why I made this my hill to die on, so fewer still will understand why I'm so elated at this news. Far from being icing on the cake, Apple's direct engagement with open source developers, and high-end users who need to tune and alter their systems for peak performance, will dramatically alter the landscape. With the community's involvement, Apple will set a standard for openness that will show other first-tier OS vendors' open source efforts as lip service to the letter of a license. Apple has opened many technologies, including Bonjour, Open Directory and launchd, that others would unquestionably hold as proprietary to maintain a competitive advantage.

To Apple management who wrestled with the balance between public engagement and the protection of IP, and to the Apple developers who busted hump so that Apple could roll this program out at WWDC, my heartfelt thanks. This will be remembered as one of Apple's smartest strategic decisions.

Posted by Tom Yager on August 7, 2006 10:39 PM

August 07, 2006 | Comments: (0)

WWDC 2006 Report

Opening day at Apple's Worldwide Developers Conference always marks the release of new products. Steve Jobs' keynote rolled out two new 64-bit Intel Xeon-based systems, Mac Pro and Xserve. These new systems, based on Intel's just-released Core Microarchitecture "Woodcrest" Xeon, replace the Power Mac G5 and Xserve G5, both of which were based on IBM's PowerPC 970 series of 64-bit RISC processors. Apple's Woodcrest Xserve and Mac Pro are state of the art for Intel 64-bit x86 design, but they cost considerably less than the lesser-performing PowerPC machines they're replacing.

The Intel-based Mac Pro and Xserve restore Apple's tradition of keeping its high-end desktop/workstation closer to sync with regard to their base hardware configurations. Both have just one baseline model--each used to have three--with shared specs: Two dual-core Xeon 5100 Series CPUs with 4 MB of shared Level 2 cache; dual 1.33 GHz front-side buses, one per processor; 1 GB of 667 MHz DDR2 fully buffered DIMM (FBDIMM) memory with error correcting code (ECC), with room to expand to 16 GB when 2 GB FBDIMMs are used; two gigabit Ethernet ports; a single 300 gigabit-per-second Serial ATA (SATA) hard drive; and PCI Express expansion slots.

Beyond this level, Xserve and Mac Pro baseline configurations diverge. The standard-issue Xserve comes with 1 GB of RAM, two 2 GHz Xeon CPUs, three 800 MHz FireWire ports and two USB 2.0 ports. Customers can configure Xserve to their preferences prior to delivery with processor speed upgrades to 2.66 or 3 GHz, 15,000 RPM serial-attached SCSI (SAS) drives, a low-end ATI PCI Express graphics card, a DVD burner and an additional 650-watt power supply. Apple claims that its on-line configure to order (CTO) system is much easier to use, more flexible and imposes fewer delivery delays.

Apple refers to the inclusion of "lights out" management in Xserve, meaning that it can be managed even when powered down or when the OS fails to boot. In a briefing with Apple executives, no details of Xserve's management hardware and software were offered; additional details may be available soon.

Xserve is scheduled to ship in October 2006, with initial deliveries bundling the OS X Server Tiger (OS X 10.4) operating system with an unlimited client license. The standard Xserve will have a retail price of $2,999, which gives Apple's rack server a favorable position among Intel-based rack servers. During his keynote address, Steve Jobs illustrated that Xserve costs a bit less than a comparable rack server from Dell. Competition among Core Microarchitecture servers will quickly drive prices down, so Apple's price advantage will dwindle with time. Apple's tradition is to keep systems at their original retail pricing rather than scale them down to match market standards. However, in comparing Xserve's prices to those of other x86 servers, the unlimited-client edition of OS X Server must be taken into account. By itself, Apple's server software costs $999, and is a bargain compared to commercial Linux and Windows Server.

Apple equipped Mac Pro to compete squarely with established four-core x86 workstations built around Intel's Netburst Xeon and AMD's Opteron CPUs, and here Apple's technical and price advantages are more apparent. The standard model has two 2.66 GHz Core Microarchitecture Xeon CPUs, an NVidia GeForce 7300 GT graphics adapter with 256 MB of video RAM, a 250 GB SATA hard drive, a 16x SuperDrive DVD burner with support for double-layer discs, and four PCI Express slots including one double-wide slot for advanced graphics cards. Key CTO options for Mac Pro include a range of graphics card upgrades that include ATI's Radeon X1900 XT with 512 MB of video RAM, alternative CPU speeds of 2 and 3 GHz, AirPort Extreme and Bluetooth 2.0+EDR (extended data range) wireless, up to four SATA hard drives of 500 GB each, and a second SuperDrive DVD burner.

While Mac Pro looks like Power Mac G5 from the outside, inside it's a completely new machine. FBDIMMs do not push straight into the Mac Pro's motherboard as most systems' memory modules do. Instead, Mac Pro has the sockets for its FBDIMM on circuit cards that slide easily into special slots, obviating the common need to lay the computer on its side and maneuver sensitive memory modules into thin, stiff sockets. Mac Pro's hard drives are mounted in slide-in trays. Four trays total are included with each Mac Pro so that experienced users can upgrade their systems' storage: Four screws mount an off-the-shelf SATA hard drive to a Mac Pro tray. Empty trays will be available as separate components as well.

The base configuration of Mac Pro, which Apple claims started shipping on August 7, carries a competitive retail price of $2,499.

The keynote included a single, brief reference to Mac Pro and Xserve performance relative to Opteron, but no effort was made to support Macs' vaunted superiority over Opteron-based systems with test results. There was a tacit nod to those wondering about Intel's influence on Apple's choice of suppliers. Jobs' slides included a gratuitous beauty shot of an ATI graphics card. For now, at least, Apple is not altering its supplier relationship with ATI because of the AMD buyout.

Apple has elected to keep the majority of the details of its upcoming Leopard release of OS X (version 10.5) secret, sharing them only with developers covered by Apple's strictly enforced non-disclosure agreement. However, Apple did offer some intriguing details.

Leopard will be a 64-bit operating system, but with a powerful twist: It will permit the blending of 32-bt and 64-bit code at the executable, object code and device driver levels. Microsoft's 64-bit editions of Windows XP and Windows 2003 Server require the use of drivers specifically rewritten for 64-bit use. Apple's approach avoids second-class customers with 32-bit Macs while allowing developers to take full advantage of the features unique to Core Microarchitecture. Apple carried 64-bit engineering from the OS kernel through the GUI and 3-D layers, creating incredible performance potential for visuals, and for core computing tasks that are slowed by rich graphical interfaces.

Another standout among Leopard's features is Time Machine, a highly accessible approach to file system snapshots for rapid recovery of deleted or unintentionally altered files. Like Windows' Volume Shadow Copy, Time Machine tracks all of the file and directory changes that occur between snapshots. Users can specify a point in time and see the file system from any point in the file hierarchy as it existed at that time, or the time of the nearest snapshot. As is typical for Apple, the user interface for Time Machine is visually stunning and extraordinarily functional. When a user selects a folder, an Address Book card or any other Time Machine-tracked entity and presses the Time Machine hot key, snapshots are shown in a stack of overlapping windows. A GUI timeline at the edge of the screen lets the user scroll through time, and the user can skip back to the most recent snapshot whose contents differ from the present.

Time Machine goes a step beyond point-in-time recovery with its ability to save snapshots on external storage. A Mac client with a USB or FireWire external hard drive can use Time Machine to maintain automatic, invisible incremental backups of modified files. Using this facility, a Mac that requires an internal drive replacement or gets a disk upgrade--say, a switch from a single drive to software RAID--can be restored using that external drive. Time Machine data can also be managed on client systems' behalf by a Time Machine service that will be standard in OS X Server Leopard.

Apple demonstrated ten Leopard features in all, but beyond 64-bit support and Time Machine, only a couple of features stood out. iChat has been enhanced to stream static images and Keynote (Apple's presentation software) presentations as part of a chat. iChat has a remarkable and useful feature that renders the cluttered background behind a chat participant transparent, allowing it to be replaced by a static or moving image of the user's choice.

Core Animation is an addition to Apple's collection of Core (meaning intrinsic) frameworks. Presently, Core frameworks exist for audio, images and data. Core Animation provides a very high-level, simple API (application programming interface) to automate smooth motion, in 3-D space, of multiple layers of arbitrary visible objects. Core Animation can also smoothly transition visible objects from one set of visual parameters--like brightness, contrast and transparency--to another over time. All of Core Animation's rendering, even with dozens of layers in independent motion, takes place in real-time. The implications for next-generation user interfaces are too numerous to describe.

Apple demonstrated a new version of the Universal Access accessibility feature set built into OS X. In addition to a braille device interface, a completely new text-to-speech engine renders unbelievably natural speech from ordinary text with changes in pitch, pauses and unambiguous consonants. In Steve Jobs' keynote demo, the synthetic speaker seemed to take breaths at natural intervals. Considering the cost of natural-sounding text-to-speech solutions sold into commercial applications, Leopard's Universal Access qualifies as a hidden "worth it for this alone" feature. You'll have to hear it to believe it.

Finally, very little was said during the keynote about OS X Server Leopard, but it has been given an overhaul in several important categories. Leopard servers deploy with the ease of desktops thanks to the new Server Assistant, and once new servers are on line, they automatically sense and configure Mac clients as they are plugged into the LAN. Leopard Server includes a new Wiki service, official support for the Ruby on Rails Web application environment, and completely reworked GUI management tools.

Clearly, Apple's been busy. It's hard to believe that Leopard will ship next spring, but Apple aims to ruin Vista's chance of gaining early traction. During the keynote, Apple convincingly demonstrated several specific Vista features and look and feel elements that seemed copied directly from OS X. While Apple is keeping most of Leopard's details to itself, the message is clear: By the time Vista and Longhorn Server catch OS X Tiger, Apple will have pushed the goalposts all the way out to the parking lot.

Posted by Tom Yager on August 7, 2006 09:21 PM

August 07, 2006 | Comments: (0)

WWDC:; Mac Pro workstation, Xserve

4200 attendees, 48 counreies. 750,000 registered developers. 19M Mac installed base. 1,000 Apple Engineers on site.

Apple flagship in NYC on 5th avenue, glass cube, no metal. 17M visitors last quarter.

POWER MAC: Phil Schiller. Now Mac Pro. Intel Xeon, Woodcrest. Dual Core, up to 3GHz.

64-bit.
Performance per Watt, First reference to Opteron. All Mac Pros get 2 CPUs. 2X faster than Power Mac G5.

4 drives inside, 2nd optical. New snap-in, no cable drive carriage. More ports up front.

One standard configuration; Dual/dual, Nvidia, 2.66 250gb, 2,499. Similar config from Dell $1000 more. ATI Radeon X1900.

Mac Pro STARTS SHIPPING TODAY.

XSERVE: Quad core, 1U, redundant power, 2.25 TB disk. Lights-out mgmt software. Standard config 2,999, much cheaper than XServe G5.

Posted by Tom Yager on August 7, 2006 09:51 AM

August 07, 2006 | Comments: (0)

WWDC; Leopard

Posted by Tom Yager on August 7, 2006 09:51 AM

August 07, 2006 | Comments: (0)

WWDC; Leopard, 10 features

1; 64-bit through UI. Completely 32-bit compatible. 32 and 64 mix top to bottom.

2: Time machine. "Back it up." Only 26 percent Mac users back up files. 4 percent using automated back-up. TM automatically backs up new/changed file as soon as changed. Plug in external drive, TM backs up automatically. A la cart restore. Stacks of previous versions of folders stretching into horizon.. Drag GUI timeline to go 1 day at a time, click arrow to wind back to most recent change. Within Address Book, fly backwards to most recent search w/different results.

Posted by Tom Yager on August 7, 2006 09:51 AM

August 07, 2006 | Comments: (0)

Leopard; features through 5

3; New "Spaces" multiple desktops. See all desktops tile on screen, drag apps from desktop to another.
5: Spotlight search network machines. Advanced search, booleans, file type specification. Spotlight App launcher, recent finds.
6: Core Animation. Create scene of layers. Supply start, finish, and intermediate keyframes, generates smooth 3-D animation in real-time.

Posted by Tom Yager on August 7, 2006 09:51 AM

August 07, 2006 | Comments: (0)

Leopard:: More

Fantastic clarity of text-to-speech.. Synth voice is lifelike in rhythm, pitch, pauses, even takes a breath now and then.

Notes to self in Mail w/special folder. Great to-do service system-wide. Select message, block of text, turn into to-do item. Showed in Mail and iCal.

Mail message templates, HTML layouts for message body.. Several default templates provided by Apple, users can create their own.

Notes to self and to-dos are rich documents.

Posted by Tom Yager on August 7, 2006 09:51 AM

August 07, 2006 | Comments: (0)

WWDC: Dashcode

Dashcode, special IDE for creating Dashboard HTML/JavaScript widgets. Apple supplies "parts" for Search, RSS, etc.

End-users can create Widgets by dragging to move and crop a portion of an existing external page.Updates at full speed; demonstrated w/webcam.

IChat: Mult logins, invisibility, tabbed chats w/several buddies.

PhotoBooth effects. IChat theater: talk chat partner through static images, Keynote presentations, video clips, presentation.

Backdrops: Still and full-motion replacement of actual background. Knock-out messy background as long as it doesn't move. No green/blue screen needed.

LEOPARD DEVELOPER PREVIEW TODAY, Ship next spring.

Xcode 3.0.

Finished! Now I'll go back and make sense of all this on something other than a Blackberry.

Posted by Tom Yager on August 7, 2006 09:51 AM

August 07, 2006 | Comments: (0)

WWDC: Dashcode

Dashcode, special IDE for creating Dashboard HTML/JavaScript widgets. Apple supplies "parts" for Search, RSS, etc.

End-users can create Widgets by dragging to move and crop a portion of an existing external page.Updates at full speed; demonstrated w/webcam.

IChat: Mult logins, invisibility, tabbed chats w/several buddies.

PhotoBooth effects. IChat theater: talk chat partner through static images, Keynote presentations, video clips, presentation.

Backdrops: Still and full-motion replacement of actual background. Knock-out messy background as long as it doesn't move. No green/blue screen needed.

LEOPARD DEVELOPER PREVIEW TODAY, Ship next spring.

Xcode 3.0.

Finished! Now I'll go back and make sense of all this on something other than a Blackberry.

Posted by Tom Yager on August 7, 2006 09:51 AM

August 07, 2006 | Comments: (0)

Not Xserve, but MacServe?

This from a commenter:

"Apple's going to hand us a Xeon 5100 Series (Woodcrest) dual socket, quad-core Xserve, keeping the Xserve name because it doesn't have "Power" in it."

Tom, I think you're wrong about that for two reasons: 1) "iBook" obviously doesn't have "Power" in the name, either, and 2) Uncle Steve said way back in January that he wants "Mac" in the name of every product. I hope we see an Xserve replacement with the specs you list, but I bet it'll be called the MacServe...

I don't remember that Steve said in his Macworld Expo keynote he wants Mac* for every product, but I'll take your word. Mac Pro and MacStation have been floated by commenters as possibilities for the workstation.

With the server, it's a different game. "Mac" doesn't carry much weight in the server rooms of non-Apple shops. Xserve, XSan, XGrid and Xserve RAID were well-named to overcome skeptics: The X is UNIX, and that has more cachet than Mac right now, at least in IT. For academic and scientific clusters, Macserve would serve perfectly well. It's hard to predict what IT folk will spend money for and what makes them leave their checkbooks at home.

Thanks for the comment.

Posted by Tom Yager on August 7, 2006 01:48 AM

August 03, 2006 | Comments: (0)

VMWare for Mac to debut August 7

VMWare will be launching a product on the opening day of Apple's Worldwide Developers Conference. The specific product is a secret, but the folks at VMWare were mightily torqued by my Parallels Desktop review's unchallenged reference to Parallels' claim of a hypervisor approach. That's a debate for another day; probably tomorrow in a phone call with VMWare. But VMWare's efforts to make sure I come to WWDC with a firm understanding of what a hypervisor is and is not takes some of the mystery out of the Monday announcement.

Parallels probably got wind of this before I did. They hurried to update me on enhancements planned for its Mac products "before the end of the year," including support for USB 2.0 and the ACPI BIOS that Vista requires. VMWare is undoubtedly going to show Vista running as a guest under Tiger. That could be really interesting if VMWare's engineers worked out the graphics driver bottleneck that slows down guests' GUIs. Parallels might just be making sure they have something fresh out there to avoid getting buried by a VMWare PR onslaught. Or it might know some specifics of VMWare's coming product, in which case we've been tipped on two more features VMWare may include in its first trip to the Mac.

I predicted a WWDC desktop virtualization shootout among VMWare, Microsoft and Parallels, but that doesn't strike me as revenue-rich battleground, It may be a wise place to start, but VMWare is focusing more heavily now on services than on shrink-wrapped software. I see enormous potential in a VMWare server product for the upcoming Xserve. The combination of Xserve, OS X Server, VMWare, Xserve RAID and a little physical-to-virtual magic would put some silvery Apple logos in racks dominated by HP, Dell and IBM badges.

VMWare has already completed work on a virtualization solution that leverages Intel's VT extensions, the very stuff that lives in every Intel-based Mac from Mac mini on up. Unless VMWare just phones it in, its Mac product will land having at least what Parallels does. And if VMWare is on the ball, it'll get to 64-bit before Parallels does, as well.

We'll see VMWare showing off hypervisor, Vista, VT, probably 64-bit and maybe a server product at WWDC. I'm hoping for the home run, the whole enchilada.

So, has anyone heard from Microsoft?

Posted by Tom Yager on August 3, 2006 04:27 PM

August 02, 2006 | Comments: (0)

Apple finally goes with AMD

At the end of this year, AMD will close a deal that will have Apple buying AMD chips for the first time.

AMD will close the deal, all right. The question is, will Apple keep using ATI, which is being acquired by AMD (it's all over but the foregone shareholders' vote), as a supplier for its critical graphics components? For all it's worth (rather little), I'm on record as supporting AMD selling ATI technology under the AMD brand. In other words, Intel OEMs that use ATI cards or integrated graphics chips will be issued new badge stickers saying, "AMD Inside."

Whether AMD chooses to use or lose the ATI brand will make no difference in the way ATI's products are treated post-acquisitioin. Intel will cast the stinkeye at any sizeable OEM that continues to use ATI parts. Some will bend to Intel's will and some will keep using what works best for their systems. At present, ATI has strong leadership in power-efficient, fast 3-D graphics. The MacBook Pro I'm using has a 256 MB ATI Mobility Radeon X1600 GPU. With it, I can pile all the QuickTime or Quartz Composer instances I please on the display at once without anything going jerky. MacBook Pro is a desktop replacement-grade notebook, and it needs desktop graphics.

On August 7, I predict that Apple will claim the distinction of being the first first-tier vendor to integrate 64-bit Core Microarchitecture CPUs across its notebook, desktop, workstation and server products (the iMac for the academic market, MacBook and Mac mini won't get the new CPU). Intel's Paul Otellini can be expected to make his customary 30-second appearance on stage with Steve to commemorate this event. But is Paul going to be steamed that ATI/AMD and Intel guts will be strapped together in every 64-bit Intel Mac?

That's presuming that Apple doesn't change horses mid-stream. If it does, it doesn't necessarily mean Intel had a hand in it. Apple sends the message that it won't get pushed around, and I can't see Apple letting anyone wink, hint, whisper or disincentive-ize it into switching suppliers.

When Intel OEMs start their entirely coincidental synchronized exodus from ATI to NVidia and Intel integrated graphics in 3...2...1, will Apple join the march? We'll know on August 7.

Posted by Tom Yager on August 2, 2006 07:34 PM

Technology White Papers

InfoWorld Technology Marketplace

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert